DETAILED ACTION

1. This action is responsive to communication: original application filed
15 January 2001, with acknowledgement of a foreign priority date of 12 May 2000.

2. Claims 1-14 are currently pending in this application. Claims 1, 7, 11, and 14 are
independent claims. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent granted 
on an application for patent by another filed in the United States before the invention by the applicant 
for patent, except that an international application filed under the treaty defined in section 351(a) shall
have the effects for purposes of this subsection of an application filed in the United States only if the 
international application designated the United States and was published under Article 21(2) of such 
treaty in the English language 

4. Claims 1-15 are rejected under 35 U.S.C. 102(e) as being anticipated by Denker 
U.S. Patent No. 5,958,053 (hereinafter '053).

As to independent claim 1, "A method for defeating, in a server unit of an IP 
(Internet Protocol) network, a SYN flooding attack, said server unit running TCP 
(Transport Control Protocol) to allow the establishment of one or more TCP 
connections with one or more client units, said method comprising the steps of: 
upon having activated TCP in said server unit:" is taught in '053 col. 4, lines 44-55; 

"listening for the receipt of a SYN message sent from one said client unit" 
and "resuming to said listening step" is shown in col. 6, lines 59-60;

"upon receiving said SYN message: computing an ISR (Initial Sequence
number Receiver side); responding to said client unit with a SYN-ACK message 
including said computed said ISR" is disclosed in col. 4, lines 58-64. 

As to dependent claim 2, "wherein the step of computing said ISR further 
includes the steps of: concatenating a randomly generated key with an identification 
of one said TCP connection said identification including: a client socket and a server 
socket; hashing said concatenation, thus obtaining a server signature; concatenating 
said server signature and a category index referring to a set of predefined TCP 
connection categories; thereby, obtaining a computed ISR" is taught in '053 col. 7,
lines 47-67. 

As to dependent claim 3, "wherein said computing step further comprises the 
steps of: updating, in said server unit, a pseudo-random number (PRN) generator; 
holding a current key; remembering a former key; and using said current key as 
said randomly generated key for said computed ISR" is shown in '053 col. 10, line 50 
through col. 11, line 3. 

As to dependent claim 4, "wherein the step of concatenating said category 
index includes the further step of picking up a category index within said set of 
predefined connection categories on the basis of the content of said received SYN 
message" is disclosed in '053 col. 7, lines 47-67.

As to dependent claim 5, "wherein said updating step includes the step of:
updating said PRN generator at a rate not higher than an MSL (Maximum
Segment Lifetime) defined in said TCP connection" is taught in '053 col. 7,
lines 47-61.

As to independent claim 6, "A method for defeating, in a client unit of an IP 
network, a SYN flooding attack, said method comprising the steps of upon receiving
a SYN-ACK message from a server unit: normally responding with an ACK
message, said step of normally responding comprising the step of: including, in said 
ACK message, a computed ISR incremented by one" is shown in '053 col. 4, 
lines 44-67. 

As to independent claim 7, "A method for defeating, in a server unit of an IP 
network having a TCP connection, a SYN flooding attack, said method comprising 
the steps of: upon having activated TCP in said server unit" is disclosed in '053 col.
4, lines 33-54; 

"listening for the receiving of an ACK message sent from one client unit" and 
"in either case: resuming said listening step" is taught in '053 col. 6, lines 59-60; 

"upon receiving said ACK message: checking an ISR" and "if passing said 
checking step: decoding said ISR as being an authentic computed ISR; allocating 
resources for said TCP connection according to content of said computed ISR; 
establishing said TCP connection" is shown in '053 col. 5, lines 1-3;

"if failing said checking step: dropping said ACK message;" is disclosed in
'053 col. 5, lines 40-42. 

As to dependent claim 8, "wherein the decoding step includes the step of
interpreting a category index extracted from said computed ISR" is taught
in '053 col. 5, lines 1-8.

As to dependent claim 9, "wherein the allocating step includes the step of:
selecting a predefined set of parameters, for said TCP connection, on the basis of the 
value of said category index" is shown in '053 col. 11, lines 25-50. 

As to dependent claim 10, "wherein the step of checking said ISR includes, 
upon receiving said ACK message, the steps of: having, firstly, selected said current 
key: getting said selected key; concatenating said selected key with an identification 
of said TCP connection" is disclosed in '053 col. 5, lines 1-8;

"said identification including: a client socket and a server socket" is taught in 
'053 col. 7, lines 46-61; 

"hashing said concatenation, thus obtaining a re-computed server signature; 
extracting an acknowledgment field from said ACK message" is shown in '053 col. 9, 
lines 2-13; 

"decrementing content of said acknowledgement field; extracting said server 
signature" is disclosed in '053 col. 11, lines 29-50; 

"comparing said re-computed server signature and said extracted server 
signature; if said extracted server signature and said re-computed server signature 
match: extracting said category index; if said extracted server signature and said
re-computed server signature do not match: checking if a second loop status is set" is
taught in '053 col. 9, lines 20-33; 

"If not set: selecting a former key" is shown in '053 col. 10, line 66
through col. 11, line 3; 

"setting a second loop status; resuming execution at said getting step; if set: 
failing said checking step" is disclosed in '053 col. 10, lines 50-65.
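
The ISR computation of claim 2, the current/former key handling of claim 3 and the ACK check of claim 10, worked through as an added example that is not code from the application or from the '053 reference. SHA-256, the 29-bit signature / 3-bit category split, and all names (`compute_isr`, `KeyRing`, `check_ack`) are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import socket
import struct

SIG_BITS, CAT_BITS = 29, 3          # assumed split of the 32-bit ISR
MASK32 = 0xFFFFFFFF

def _conn_id(client, server):
    """Connection identification: client socket followed by server socket."""
    return b"".join(socket.inet_aton(ip) + struct.pack("!H", port)
                    for ip, port in (client, server))

def _signature(key, client, server):
    """Hash key || connection id, keep the top SIG_BITS bits (SHA-256 assumed)."""
    digest = hashlib.sha256(key + _conn_id(client, server)).digest()
    return int.from_bytes(digest[:4], "big") >> (32 - SIG_BITS)

def compute_isr(key, client, server, category):
    """Server signature concatenated with the category index."""
    if not 0 <= category < (1 << CAT_BITS):
        raise ValueError("category index out of range")
    return (_signature(key, client, server) << CAT_BITS) | category

class KeyRing:
    """Holds the current key and remembers the former one."""
    def __init__(self, key=None):
        self.current, self.former = key or os.urandom(16), None

    def rotate(self, key=None):
        self.former, self.current = self.current, key or os.urandom(16)

def check_ack(ack_field, keys, client, server):
    """Return the category index if the ACK carries an authentic ISR+1, else None."""
    isr = (ack_field - 1) & MASK32                 # decrement the acknowledgment field
    extracted = (isr >> CAT_BITS).to_bytes(4, "big")
    for key in (keys.current, keys.former):        # second pass retries with the former key
        if key is None:
            continue
        expected = _signature(key, client, server).to_bytes(4, "big")
        if hmac.compare_digest(expected, extracted):
            return isr & ((1 << CAT_BITS) - 1)     # connection state is allocated only now
    return None                                    # no match under either key: drop the ACK

# Constructed sample endpoints (documentation address ranges).
CLIENT, SERVER = ("192.0.2.10", 40000), ("198.51.100.5", 443)
```

Because the server keeps nothing between the SYN-ACK and the ACK, a SYN-ACK issued just before a key update still validates under the former key, and stops validating after a second update.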

As to independent claim 11, this claim is directed to the computer program
product of claim 1 and is rejected along the same rationale. 

As to dependent claims 12 and 13, these claims contain substantially similar 
subject matter to claims 2 and 3 therefore they are rejected along the same rationale. 

As to dependent claim 14, this claim is directed to the system of the method of 
claim 1 and is rejected along the same rationale. 



5. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Ellen C Tran whose telephone number is 
(703) 305-8917. The examiner can normally be reached on 6:30 am to 3:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Gregory A Morse can be reached on (703) 308-4789. The fax phone number 
for the organization where this application or proceeding is assigned is 703-872-9306. 

Any inquiry of a general nature or relating to the status of this application or
proceeding should be directed to the receptionist whose telephone number is
(703) 306-5484.



Conclusion 



Ellen Tran, 
Patent Examiner 
Technology Center 2134 
27 May 2004 




